(54) Method and apparatus providing for internet protocol address authentication



(57) A method and apparatus for storage of user
identifier / IP address pairs in a network. The network
includes a DHCP server for assigning IP addresses to
computer and other devices in the network, a device
(such as a computer) coupled to receive an IP address
from the DHCP server, an authentication server coupled
with the device for receiving user identifier / IP address
pairs from the device and authenticating the user, and
a directory server coupled to receive authenticated user
identifier / IP address pairs from the authentication server.
formation.

[0028] As will be appreciated, the authentication of
the user id and IP address pair is known to be valid only
at the instant of authentication. In certain embodiments,
it may be useful to provide for a time out or other mechanism
which requires the user to re-authenticate after
some event (such as the expiration of a period of time).

[0029] Turning briefly to Figure 3, a high level block
diagram illustrating components of the LDAP server 106
is shown. The LDAP server 106 comprises a database
of authenticated user id/IP address pairs 304. These
pairs have, in the described embodiment, been received
from the authentication server 104 using a communication
program 302 executed on processor 306 for receiving
the user id/IP address pairs. Applications executing
on requesting devices 109 may request access to the
user id/IP address pairs 304 by using communication
program 301.
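
The time out of paragraph [0028] applied to the pair store of paragraph [0029], as an added Python example that is not part of the patent text. The class name BindingStore, the 300-second period, the injected clock and the sample users and addresses are assumptions made for illustration.

```python
import ipaddress
import time


class BindingStore:
    """Hypothetical in-memory stand-in for the store of authenticated pairs."""

    def __init__(self, ttl_seconds, clock=time.monotonic):
        self.ttl = ttl_seconds
        self.clock = clock          # injectable so expiry can be tested
        self._by_ip = {}            # ip -> (user_id, expires_at)

    def bind(self, user_id, ip, authenticated):
        """Store a pair only if the authentication step succeeded."""
        if not authenticated:
            return False
        ip = str(ipaddress.ip_address(ip))  # normalise; ValueError if malformed
        # One address maps to one user: a newer binding replaces the old one,
        # so an address handed to a different user never resolves to the former.
        self._by_ip[ip] = (user_id, self.clock() + self.ttl)
        return True

    def lookup(self, ip):
        """Return the user id bound to ip, or None if absent or timed out."""
        ip = str(ipaddress.ip_address(ip))
        entry = self._by_ip.get(ip)
        if entry is None:
            return None
        user_id, expires_at = entry
        if self.clock() >= expires_at:
            del self._by_ip[ip]     # timed out: the user must re-authenticate
            return None
        return user_id


def demo():
    """Constructed scenario with a fake clock; addresses are documentation IPs."""
    now = [0.0]
    store = BindingStore(ttl_seconds=300, clock=lambda: now[0])
    out = [store.bind("alice", "192.0.2.10", authenticated=True),
           store.bind("carol", "192.0.2.11", authenticated=False),
           store.lookup("192.0.2.10"),      # fresh binding
           store.lookup("192.0.2.11")]      # never stored
    now[0] = 200.0
    store.bind("bob", "192.0.2.10", authenticated=True)  # address reassigned
    out.append(store.lookup("192.0.2.10"))
    now[0] = 500.0                          # bob's binding expired at 500
    out.append(store.lookup("192.0.2.10"))
    return out
```

A requesting device that treats a lookup result of None as "identity unknown" never acts on a pair older than the time-out period.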

[0030] Certain implementations may not require security.
In such implementations, aspects of the present
invention may be implemented without requirement for
use of the authentication techniques discussed above.
Therefore, the present application may refer to the
authentication server 104 simply as a binding server. The
binding server and LDAP server (or other database)
may be referred to collectively as a "binding system"
which serves to associate a user identifier with dynamic
information about the user (such as an IP address) and
store the information in a data store.

[0031] Thus, what has been disclosed is a method
and apparatus for authenticating users/internet protocol
(IP) address pairs.

Claims 

1. A method comprising:

providing an Internet protocol (IP) address to a
computer;

establishing a connection between the computer
and a server;

receiving by the server the IP address and a
corresponding user identifier and to be used by
a user of the computer; and

storing the user identifier/IP address pair in a
data store.

2. The method as recited by claim 1, wherein the
establishing of the connection includes

authenticating the user; and

establishing a secure connection between the
computer and the server if the user is authenticated.

3. The method as recited by claim 1, wherein the
assigning of the internet protocol address includes

initiating a request by the computer to a dynamic
host configuration protocol (DHCP) server;
and

assigning the IP address by the DHCP server;
and

sending the IP address to the computer.

4. The method as recited by claim 1, wherein the data
store includes a database of a Lightweight Directory
Access Protocol server.

5. A server comprising:

a first data store having stored therein an
authenticated user identifier / internet protocol
address pair; and

a second data store having stored therein a program
which when executed on a processor retrieves
the authenticated user identifier / internet
protocol address pair and transmits the pair
to a requesting device.

6. The server as recited by claim 5, further comprising:

a third data store having stored therein a program
which when executed on a processor stores
authenticated user identifier / internet protocol
address pairs received from an authentication server.

7. A method comprising:

a first device communicating with a dynamic
host configuration protocol (DHCP) server to
have an internet protocol (IP) address assigned
to the first device;

the first device communicating with an authentication
server a user identifier and the IP address;

the authentication server authenticating the user;

the authentication server communicating to a
lightweight directory access protocol (LDAP)
server the user identifier / IP address pair; and

the LDAP server storing the user identifier / IP
address pair.

8. A network comprising:

a dynamic host configuration protocol (DHCP)
server;

a computer coupled in communication with the
DHCP server over the network to receive an
internet protocol (IP) address;

an authentication server coupled in communication
over the network with the computer, the
authentication server to authenticate a user using
the computer based on a user identifier
communicated from the computer; and

a directory server coupled in communication
with the authentication server, the directory
server to receive and store both the authenticated
user identifier and its corresponding IP
address from the authentication server.

9. The network as recited by claim 8, wherein the
directory server is a lightweight directory access
protocol (LDAP) server.

10. The network as recited by claim 8 further comprising
requesting devices coupled in communication
with the directory server for requesting authenticated
user identifier / IP address pairs.

11. A network comprising a DHCP server for assigning
internet protocol (IP) addresses to computer and
other devices in the network, a device coupled to
receive an IP address from the DHCP server, an
authentication server coupled with the device for
receiving user identifier / IP address pairs from the
device and authenticating the user, and a directory
server coupled to receive authenticated user
identifier / IP address pairs from the authentication server.

12. A lightweight directory access protocol (LDAP)
server comprising:

a first data store having stored therein a user
identifier / internet protocol address pair; and

a second data store having stored therein a program
which when executed on processor retrieves
the user identifier / internet protocol address
pair and transmits the pair to a requesting
device.

13. A lightweight directory access protocol (LDAP)
server comprising:

a first data store having stored therein a user
identifier and dynamic information related to
the user identifier; and

a second data store having stored therein a program
which when executed on processor retrieves
the user identifier and dynamic information
and transmits the information to a requesting
device.

14. The LDAP server as recited by claim 13, further
comprising a third data store having stored therein
a program which when executed on a processor
stores dynamic information related to a user identifier
in the first data store.

15. The LDAP server as recited by claim 14, wherein
the dynamic information is an internet protocol address.